 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Some questions about m0n0wall
 Date:  Thu, 13 Mar 2008 16:37:10 -0500
Adam Piasecki wrote:
> Hello all,
> I'm planning on deploying some net5501 w/monowall or pfsense as I hear 
> they are a pretty good box for m0n0wall. My plan is to use this box and 
> scale up in hardware wherever needed.

Might want to scale now...  Save time. :)

>   1. Can someone please tell me how you would tell m0n0wall to
>      recognize the extra RAM, in the FAQ its limit is 64mb.

As said, the ram is used. However the "ram disk" is statically sized. 
Some of the beta images have a larger ram disk.

>   2. What are the largest loads that people have put on m0n0wall, DHCP,
>      user number and bandwidth?

This depends on the nic used.  A good Intel or 3com nic offloads the 
heavy lifting from the processor.  You can get close to wire speed with 
these nics in PC hardware.  However, you will not get close to that in 
the net5501.

>   3. 30,000 firewall states is the limit, is there any way to increase
>      this?

Custom image. This is not as bad as it seems, but there is almost no 

>   4. What other tweaks can I put on m0n0wall to make it work under
>      large loads.

Pick the right hardware.  No realtek nics... :)

> *What I need, and think m0n0wall can do.*
>    * up to 5-70mb of bandwidth throughput LAN <-> WAN

Known to work.

>    * 100-1,500 DHCP users

Known to work, however this will mean a big DHCP table and so your file 
system can fill up, especially if you do a lot of other stuff.

>    * Able to view DHCP Leases and Host names of laptops on network.

It's in there stock.  Leases save the hostname.  This will not work for 
static IP, or for static assigned IP, however.

>    * ICMP tool available


>    * Captive Portal on all LAN Users (No Authentication, just AUP)

Yep.  See above for filesystem load.  No local files, for example.

>    * Traffic shaping on certain ports 80/25/21/22/VOIP... etc. to
>      provide QOS for basic internet usage. All other traffic dumped
>      into a lower queue

In there stock, but it takes more load.  The net5501 is looking mighty 
slim right about now.

>    * Each IP(User) is bandwidth throttled for a max up/down speed OR If
>      the m0n0wall can dynamically allocate bandwidth per IP that will
>      work also(I think it does this)

It is in there.  I have not used it.

>    * Throttle bandwidth on WAN, (Example: Internet connection may be
>      able to burst to 100mb, but you want to hard limit the M0n0wall
>      for 25mb, so the wan traffic to the internet never goes over this
>      amount)

It is in there.  I have not used it.

>    * IPSEC VPN into management (OPT1) Interface, (For Remote management
>      of equipment over the VPN)

I use both this and pptp.  They work very well.

> *What I need, and I don't think monowall can do.*
>    * Run Captive portal on more than 1 interface, VLANs are considered
>      another interface.


>    * Terminate large amounts of VLANs, GUI limitations prevent you from
>      seeing all the VLANS

Define large...

>    * Can't do per IP bandwidth monitoring, (PFSense does support this)
>    * Can't do 1:1 mapping dynamically, (For users who use IPSEC VPNS
>      behind nat)

Not sure...